Here’s the way I think of it. Imagine you live in a house at the end of a long street. Your front door is the login page to your Synology. All the measures you’ve put in place (cloudlfare, ip blocklists, firewall) are the equivalent of putting up a guard booth/gate at the end of your driveway that only allows cars with a license plate of a specific state.

You haven’t made yourself significantly more secure, just lined the traffic up in a more organized fashion. You are still trusting the people that made your door lock to not be vulnerable.

Yes, it’s easier to access vs having a big metal gate that only you have the code to open (VPN) in front of your house. But why open yourself up to a single point of failure?

Here’s just one recent example of an attacker being able to bypass the authentication on a synology. All the things you have implemented wouldn’t prevent a single person in the internet from using this exploit. https://www.zerodayinitiative.com/advisories/ZDI-23-660/

Mergerfs + snapraid

If a drive fails, you only need the parity disk to restore, not the whole array. Also, if for some reason you can’t restore, you only lose data on the failed drive.

ZFS is great and for real NAS data, I’m a fan. But for large media files and and such that you are write once, read many, it’s a much better option I think.

Mergerfs is just to present all 20 drives as a single mount point so you aren’t searching thru 20 drives when you want to view.

I’ve been on mergerfs + snapraid for years and haven’t had any issues. I even tried downloading to a NVMe but then you just move the bottleneck from downloading to moving off the cache drive. And if you download more than your cache drive, you’re no better off.

Setup mergerfs and make sure and specify “most free space”. Then each file will actually get written to a different drive because it evaluates the space and rotates the writes. The n just run snapraid nightly to keep parity in sync. (This does mean you could lose something between download and sync, but if you just downloaded, you can probably grab again)

Now, the big assumption here is that most of your files are large media files. If you’re moving thousands of small files, you’ll probably notice a performance hit.

I can easily saturate my 2.5 gbps fiber connection with no issues. And as others have said, it’s just standard files and you’re not hosed it a single drive dies.